Journal of Information Systems Security: Latest Articles

Diminishing Perimeter
Journal of Information Systems Security Pub Date : 2005-11-01 DOI: 10.1201/1086.1065898X/45654.14.5.20051101/91007.1
J. Tiller
Abstract: For years the perimeter has been the focal point of security technology. What was once routers with access control lists designed to block traffic founded on basic characteristics has evolved into a myriad of sophisticated devices inspecting every detail of communications. However, successful attacks are on the rise, with increasing impact on organizations. Although perimeter technology appears to have evolved significantly, it pales in comparison to the advancements in tactics and tools and the cleverness of today's threats. To add to the malaise, companies are seeking to fully leverage the Internet and new application development strategies in an effort to support the comprehensive information-sharing needs of the business.
Pages: 2 - 4
Citations: 0
Firewall Considerations for the IT Manager
Journal of Information Systems Security Pub Date : 2005-11-01 DOI: 10.1201/1086.1065898X/45654.14.5.20051101/91011.5
P. Henry
Abstract: To fully understand and appreciate the current environment one will be working in, it is important to look back a few years to gain some insight into the dynamics of network security and how it has evolved to meet the maturing threats present when connecting any private network to the public Internet.
Pages: 29 - 51
Citations: 1
Source Code Implications for Malcode
Journal of Information Systems Security Pub Date : 2005-11-01 DOI: 10.1201/1086.1065898X/45654.14.5.20051101/91009.3
Ken Dunham
Abstract: The advent of source code availability within the malicious code world has serious implications. The nature and volume of attacks have been changed forever as a result. This article reviews a brief history of source code implications and identifies current trends and implications of source code availability to malicious actors.
Pages: 10 - 14
Citations: 0
Retention of Corporate E-Documents under Sarbanes—Oxley
Journal of Information Systems Security Pub Date : 2005-09-01 DOI: 10.1201/1086.1065898X/45528.14.4.20050901/90084.2
Edward H. Freeman
Abstract: In recent years, the press has reported many high-profile corporate frauds, leading in turn to major bankruptcies. Congressional committees have investigated widespread financial misstatements in some of America's most trusted organizations. Employees saw their pension funds and life savings evaporate after unscrupulous executives pocketed the last remaining assets. The fall of Arthur Andersen, Enron, Tyco, Healthsouth, Global Crossing, WorldCom, and others have cost investors and taxpayers billions.
Pages: 5 - 9
Citations: 0
Hiding Tree Structured Data and Queries from Untrusted Data Stores
Journal of Information Systems Security Pub Date : 2005-09-01 DOI: 10.1201/1086.1065898X/45528.14.4.20050901/90085.3
Ping-Min Lin, K. Candan
Abstract: With the increasing use of Web services, many new challenges concerning data security are becoming critical. Especially in mobile services, where clients are generally thin in terms of computation power and storage space, a remote server can be outsourced for the computation or can act as a data store. Unfortunately, such a data store may not always be trustworthy, and clients with sensitive data and queries may want protection from malicious attacks. This article presents a technique to hide tree-structured data from potentially malicious data stores, while allowing clients to traverse the data to locate an object of interest without leaking information to the data store. The two motivating applications for this approach are hiding (1) tree-like XML data as well as XML queries that are in the form of tree-paths, and (2) tree-structured indexes and queries executed on such data structures. We show that this task is achievable through a one-server protocol that introduces only a limited and adjustable communication overhead. This is especially essential in low-bandwidth (such as wireless) distributed environments. The proposed protocol has desirable communication and concurrency performance, as demonstrated by the experiments we have conducted.
Pages: 10 - 26
Citations: 8
Securing Web Services
Journal of Information Systems Security Pub Date : 2005-09-01 DOI: 10.1201/1086.1065898X/45528.14.4.20050901/90087.5
Rami Jaamour
Abstract: A Web service is an application that can be described, published, located, and invoked over the Web. A Web service is identified by a URI, whose public interfaces and bindings are defined and described using XML in a WSDL (Web Service Description Language) document. SOAP, a W3C specification, is the most common binding used to communicate messages between the service consumers (loosely known as clients) and the service provider (the server). SOAP determines how message data should be enveloped and formatted along with metadata (headers).
Pages: 36 - 44
Citations: 52
Turning Application Security Inside Out: Security for Service-Oriented Architectures (SOAs)
Journal of Information Systems Security Pub Date : 2005-09-01 DOI: 10.1201/1086.1065898X/45528.14.4.20050901/90086.4
Brent A. Carlson, A. Himler
Abstract: Service-oriented architectures (SOAs) have become mainstream in the past year due to their ability to provide business agility and flexibility through integration, productivity, and software reuse. The Web services framework enables composite applications that leverage service-oriented architecture (SOA) design practices, creating more cost-effective distributed architectures. As enterprises adopt SOA, they open their systems, enabling greater agility and easier integration.
Pages: 27 - 35
Citations: 8
Sarbanes—Oxley and Enterprise Security: IT Governance — What It Takes to Get the Job Done
Journal of Information Systems Security Pub Date : 2005-08-01 DOI: 10.1201/1086.1065898X/45654.14.5.20051101/91010.4
William C. Brown, Frank Nasuti
Abstract: Several sections of the Sarbanes—Oxley Act of 2002 (SOX) directly affect the governance of the information technology (IT) organization, including potential SOX certification by the chief information officer, Section 404 internal control assessments, “rapid and current” disclosures to the public of material changes, and authentic and immutable record retention. The Securities and Exchange Commission (SEC) requires publicly traded companies to comply with the Treadway Commission's Committee of Sponsoring Organizations (COSO) that defines enterprise risk and places security as a critical variable in enterprise risk assessment. Effective IT and security governance are examined in terms of SOX compliance. Motorola IT security governance demonstrates effective structures, processes, and communications; centralized security leaders participate with Motorola's Management Board to create an enabling security organization to sustain long-term change.
Pages: 15 - 28
Citations: 44
Got Spam?
Journal of Information Systems Security Pub Date : 2005-07-01 DOI: 10.1201/1086.1065898X/45390.14.3.20050701/89144.1
Jim S. Tiller
Abstract: According to Symantec's March 2005 threat report, spam, usually defined as junk or unsolicited e-mail, made up over 60 percent of all e-mail traffic during the reporting period from July to December 2004. By anyone's definition, that is a lot of junk e-mail. But, as security professionals know, spam is much more than an annoyance and can adversely affect system and data integrity. Moreover, its existence can be an indicator of a much larger issue.
Pages: 2 - 4
Citations: 0
Securing Small Business Computer Networks: An Examination of Primary Security Threats and Their Solutions
Journal of Information Systems Security Pub Date : 2005-07-01 DOI: 10.1201/1086.1065898X/45390.14.3.20050701/89148.5
G. Gercek, Naveed Saleem
Abstract: This article addresses the primary threats to computer networks that a small business might encounter and also provides strategies to counter these threats. It emphasizes the key characteristics associated with each category of security threat and provides approaches to eliminate or alleviate these threats. The article also presents a case study of a small insurance company for which the authors helped design, implement and secure computer networks. This case study further clarifies the concepts and strategies presented in the paper.
Pages: 18 - 28
Citations: 5